Internal Audit in the States and Local Government of Malaysia
-
Upload
ummu-zubair -
Category
Documents
-
view
218 -
download
0
Transcript of Internal Audit in the States and Local Government of Malaysia
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
1/33
Internal audit in the state and localgovernments of Malaysia
A Md Ali Universiti Utara, Malaysia
JD Gloeck Department of Auditing, University of PretoriaSouth Africa
A Ali Universiti Utara, Malaysia
A Ahmi Universiti Utara, Malaysia
MH Sahdan Universiti Utara, Malaysia
ABInternal audit is supposed to help members of organizations to improve their entitys effectiveness andefficiencGovfunhadThe nce, and a Malaysian social context that is replete with casesthat display a lack of transparency and public accountability from its major actors, help to explain these factsand pr leak future for internal audit.
Hoare vernment in particular should play so that the auditfunction may fulfill its potential as a tool that improves Malaysias economic standing at this time whenglobal tion, accountability and transparency are considered essential issues in just about any worthwhileecono
STRACT
y. But the findings from in-depth interviews conducted with internal auditors from 35 State and Localernmental Bodies (SLoGBs) located in Peninsular Malaysia in the third quarter of 2003 show that the audit
ction faces numerous challenges. This is in addition to the fact that a mere 35 out of the then 202 SLoGBsan internal audit capacity.
politics of accountability theory, power dista
edict a b
wever, a rosy future may yet be achieved through the involvement of key parties and if specific measuresput in place. This is the crucial role that the federal go
izamic, social or political activity.
Key words
Internal audit, state governments, local governments, federal government, Malaysia,National Audit Department, qualitative methods, in-depth interviews, Institute of Internal Auditor,
social context, accountability
1 INTRODUIn recent years, entities in both the publicectors have experienced many new challenges andemands resulting from the combination of a harsh
rapid developments initions and globalization. To
ols to exist aunit is
ose activities are strongly supported byboth management and other personnel within theorganization.
CTION
and private
For an effective system of internal contrwell-managed internal audit department orrequired, wh
sdeconomic climate and
chnology, market condteensure the survival of these organizations, internalauditing has increasingly been viewed by regulators,directors of listed companies and governing membersof many public sector entities world-wide as one ofthe solutions. Specifically, the need for strongcorporate governance in the management ofcorporations and public sector enterprises has
focussed attention on the internal audit function.Good corporate governance demands sound financialand operational control over the activities of an entity.
The development of modern internal auditing beginswith the formation of the Institute of Internal Auditors(IIA) in the USA in 1941. Shortly thereafter IIAchapters were established across the USA andworldwide. Internal audit is now widely seen as ahighly professional and skilled task. The originaldefinition of internal auditing provided by the IIA in itsStandards for the Professional Practice of Internal
Auditing (SPPIA) in 1978 states (IIA, 1979):
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57) 25
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
2/33
Md Ali et al
Internal auditing is an independent appraisalfunction established within an organization toexamine and evaluate its activities as a service tothe organization. The objective of internal auditingis to assist members of the organization in theeffective discharge of their responsibilities. To thisend, internal auditing furnishes them with
analyses, appraisals, recommendations, counseland information concerning the activities
viewed.
Inwprdethprhe20de (IIA, 2003):
the IIA has also publishedtandards and a code of ethics for the practice of
inar10puxxstou e
ntroduction to the SPPIA (IIA, 2003a):
Indeed, all who practise internal auditing are expected
totoenbeinprUp. organizations have failed to bring
gnificant change to their internal auditing practices.
rganizations should maintain an effectiveystem of internal control, including the establishment
d been collected, and whileis report was being finalized - the Federal
of internal audit. However, the reality of theirplementation may be something different.
re
a more recent definition, included in the SPPIAhich came into effect on 1 January 2002, the bodyovides a broader goal for internal auditing. This newfinition shifts the focus from one of assurance toat of value added, and attempts to move theofession toward a standards-driven approach with aightened profile (Nagy & Cenker, 2002; Bou-Raad,00; and Krogstad et al., 1999). The subsequentfinition says
Internal auditing is an independent, objective,assurance and consulting activity designed to addvalue and improve an organizations operations. Ithelps an organization accomplish its objectivesby bringing a systematic, disciplined approach toevaluate and improve effectiveness of riskmanagement, control and governance process.
For over half a century nows
ternal auditing. Today, these standards and codee in use in thousands of organizations in more than0 countries, and across all business types andblic sectors (Ridley & Chambers, 1998, pp. xxix-x). This is not surprising, since the internal auditandards in particular, also include inputs fromtside the United States. As mentioned in th
IThe Internal Auditing Standards Board iscommitted to extensive consultation in thepreparation of the Standards. Prior to issuing anydocument, the Standards Board issues exposuredrafts internationally for public comment. TheStandards Board also seeks those with specialexpertise or interests for consultation wherenecessary.
understand the standards and code of ethics, andadopt or modify them to suit their own
vironments. Over the years, these documents haveen enriched by research and successive
terpretive guidelines and statements, detailing howofessional internal auditing should be practised.nfortunately, as noted by Ridley & Chambers (1998,
3), manysiThey state (p. 3): True, there are now more internalaudit units; yet most of their practices are still basedon fundamental auditing principles, as developed inthe early years of the twentieth century. They alsospecifically note that (p. 3): Despite a 1990s focus on
rapid change within many organizations, in someinternal audit units technology has still not penetrateddeeply into auditing practices, while in others internal
auditors are still not seen as part of the managementteam.
In Malaysia, a growing catalogue of organizationalfailures and mismanagement highlights the need foreffective internal audit in both the public and privatesectors. While to date there have been several
research reports on the status of internal audit ingeneral (see below), none have specifically probedthe nations public sector. This is despite the welldocumented requirement that management of publicsector osof an internal audit function (Dowsett & Morris, 1981;Buttery, 1985; Coombs & Jenkins, 1994; Jones &Pendlebury, 2000). And this lack of progress inestablishing an internal audit function is in spite of therequirement having been published nearly a quarterof a century ago in Treasury Circular No. 2 (1979)entitled Implementation of Internal Auditing in FederalGovernment Agencies.
Apparently this Circular was supposed to have beenreplaced in April 2001 by one that covered not just thefederal government but also the state and localgovernments, and which was to have providedgreater detail of the required functions of the internalaudit units so formed. It is not known why thisdocument was not implemented by the authorities atthat time. Eventually, in October 2004 one yearafter this studys data hathGovernment, through its Director General of theTreasury, issued circular No. 9 (2004) to replace the1979 circular. (New Straits Times: 18 December2004).
This new circular not only applies to federalgovernments departments, but also to the stategovernments. It is noticeable that the new circular(which may be found in the Treasury website http://www.treasury.gov.com) has nearly twice as manyparagraphs as the 1979 one. There are also someparagraphs (discussed below) which suggest that theauthorities are pushing to improve the public sectorpracticeim(Malaysian life abounds with cases of the triumph ofhope over experience.) See for example Azham(1999) on the external audit perspective on the 1985-
86 economic recession and its aftermath.
Regardless of the release of the 2004 Circular, itshould have been obvious that the state of internalaudit operations in the public sector was long overduefor review. This review should have led to theidentification of problems and obstacles confrontinginternal audit, and recommended real reforms,reforms far more rigorous than the mere issuance of adocument such as that required by the new internalaudit circular.
Furthermore, such a study is needed to assist thenation to find ways to be more competitive in all
sectors of the economy, made more urgent by theimplementation of Asean Free Trade Area (AFTA) inearly 2003. Internal audit that achieves its potential
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57)26
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
3/33
Internal audit in the state and local governments of Malaysia
may actually be the right instrument for all sectors toachieve such competitiveness. Finally, the East Asianfinancial crisis in 1997/1998 proved that all strata ofsociety have to be more serious about implementingood governance. Mere lip service or rhetoric is worth
the internal auditors. Arther objective of the study is to try to provide anpl te of affairs. Finally, the
tudy attempts to predict the future of internal audit in
the internal audit function in
e Malaysian public sector. In regard to the state and
uldreatly assist policy makers and other parties to
vethe udit function. This is in line with the
rime Ministers goal of reforming Malaysia.
withinovernment departments should help the authorities
addition, this study is particularly significant since
thNre tsthaofN re in a
alacca state government agency is a case in point
erns thecreasing internationalization of internal auditing that
beCthF runprpr the IIA Global Steering
ommittee (IIA, 1999). This study may thus also be
rove the internal auditfunction throughout the government sector.
ions will be testedand extended by other academics, focusing on
in the
glittle in todays socio-economic environment. Todayschallenge is not just for companies, but also for public
sector entities to acknowledge the need for, and toimplement good governance.
2 PURPOSES OF STUDY
The primary objective of this study is to compile adata base of the forms and extent of internal auditbeing practiced in government entities operatingthroughout Peninsular Malaysia. These entitiesinclude state and local government departments andtheir various statutory bodies. The focus is on theday-to-day problems faced byfuex anation for the present sta
sgovernment enterprises and departments. All in all,the study has three basic aims related to answeringthe following questions:
What kind of internal auditing is being practiced?
Why is there this type of internal auditing?
What is the likely future of internal audit?
3 MOTIVATION AND SIGNIFICANCE OF THESTUDY
There does not yet appear to have been any attemptto provide an overview of
thlocal governments and related bodies in PeninsularMalaysia this study is probably the first to have beenconducted. The availability of such information shogdetermine what exactly needs to be done to impro
internal aPThe Prime Minister mentioned in a speech in early2004 that his agenda for the country included thecreation of a more efficient public administration, theeradication of corruption and the cutting of red tape(NST, 12 February 2004). It should be obvious thatthe achievement of such an agenda needs up-to-date
information on all aspects of the economy. Theconcerns of the internal auditors appear to be ofparticular importance since their positiongunderstand the day-to-day processes. But they havenever enjoyed public recognition, in contrast toexternal auditors working for the National AuditDepartment. Actually the Prime Minister himself seesthe need for auditors (presumably also includingthose outside the National Audit Department) to beeffective in their work. In his maiden official speech inParliament, the Prime Minister said (NST,4 November 2003):
Corruption is an odious crime. We must exploremore effective methods to deal with it and in thisregard, prevention is as important as punishment.
Streamlining work processes, reduction of redtape, improvements in the delivery system, aconscious effort to raise the quality of work andmore frequent and effective auditswould reducethe opportunity for bribery. (Emphasis added.)
In
e nations Auditor-General, who is the head of theational Audit Department, has stated in various auditports that inefficiency in the administration of mosate governments and local authorities in the countrys resulted in severe weakness in their management revenues and expenditures. Recent revelation byew Straits Times (NST) (26 September 2002)garding possible misappropriation of assets
M(and which incidentally shows the crucial role playedby internal auditors in uncovering fraud):
Malacca state government has detected assetsamounting to RM21 million missing from its
agency, Yayasan Melaka dating back to 1996.However, RM8 million has been recovered by theinternal auditors appointed by Chief Minister andwere working hard to detect the remaining RM13million worth of assets.
Another motivation for this study concin
gan in the 1990s (Foster and Greenawalt, 1995;hambers, 1996; and Miller, 1999). As a result of this,e Institute of Internal Auditors (IIA) 1997 Globalorum identified a worldwide need to have a greatederstanding of internal auditing (Lower, 1997). Theomotion of internal auditing around the world isesently a priority of
Cviewed as an effort to assist interested parties outsideMalaysia in understanding the nature of internal auditwithin a section of this nations public sector. Perhapsthrough that understanding these parties can in turnassist Malaysians to achieve the successful operationof their internal audit function.
With all these objectives for the study, the followingsignificant outcomes are desired:
To facilitate a better understanding of the mainissues affecting internal audit practice in theMalaysian public sector in the state and local
governments in Peninsular Malaysia. Through theiridentification, the nations policy makers may beassisted in their efforts to imp
To stimulate other research into internal audit. It ishoped that this studys conclus
related sectors such as the Malaysian federalgovernment, co-operatives, NGOs and perhapseven the corporate sector, with particular referenceto development issues in Malaysia and otherdeveloping countries; and
To identify consultancy, training and developmentprograms needed by internal audit units
government entities studied.
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57) 27
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
4/33
Md Ali et al
Itnepo4
Th
its e. Grier (1934, p. 4)otes that the Zenon-papyri record that internal audits
. According to Flesher and Zarzeski (2002,. 94), these early audits were in many ways similar
(post World War II)ternal audit in that they included both an
ffice of the Auditor General ofanada, 1993 and 1996; Light, 1993; Newcomer,
to focus audits on compliance and regulation, to the
; and little attention toudit findings within agencies by senior managers.
sactions, is staffed by
experienced and untrained personnel, and hasor authority to
ct in the manner expected of internal auditors.
uty to perform internal audits in
very public entity; requires professional training;
is the authors belief that, despite the acceptedgative view of internal audit, change and reform aressible.
LITERATURE REVIEW
e practice of internal audit has a long history, but
goals have changed over timnwere conducted on the Egyptian estate of the Greekruler Ptolemy Philadelphus II approximately 2,500years agopin scope to that of the moderninexamination of the correctness of accounting recordsand an evaluation of the propriety of activitiesreflected in the accounts. In short, the objective wason improving management control over the activitiesof the organization. This contrasts with the situationduring the latter part of the 19
thcentury and the first
half of the 20th
century where the emphasis was onthe detection of fraud. In explaining the turning pointfrom traditional (fraud detection) to modern (businessmanagement enhancement) auditing, Flesher andZarzeski (2002, p. 95) state that the war economy inthe early 1940s played a part whereby the internalauditors started directing their efforts towardsassisting management in any way possible. Andfollowing World War II, the benefit of the auditorsassistance was so obvious to management that therewas no consideration of reducing the auditors scopeto pre-war levels.
In public sector organizations, the internal auditfunction appears to hold high potential for promotingaccountability and improving governmentperformance. Not surprisingly, several countries havedeveloped policies that strengthen the public sectorinternal audit function and enhance their capacity forcontributing to these goals (Auditor-General ofAustralia, 1990; OC1994 and 1998). Policy measures include thefollowing: requiring the establishment of internal auditunits; establishment of standards for the professionalconduct of audit work; training; resource allocation;expanding reporting arrangements and broadeningmandates to make auditors responsible forperformance assessment. Also, the understanding
that internal auditing is an important tool foraccountability has led, in the case of the UnitedStates, to the internal audit functions beingtransferred to Inspectors-General who report findingsto both the Executive and to Congress. Thus, internalaudit is now also a tool for external accountability andno longer merely a tool of internal accountabilityintended to aid senior management of thegovernment organizations.
Nonetheless, available evidence on the recent realityof internal audit operations suggests that there ismuch room for improvement. In the United States,Canada and Australia, the following are the common
findings: inadequate audit coverage, particularly ofareas of major significance and high risk; a tendency
detriment or exclusion of audits of economy,efficiency and effectivenessaFurthermore, in Canada and Australia, professionalqualifications of audit staff are inadequate and thereis insufficient involvement of senior management inaudit planning. As for the Unites States, based upon
his study of the work of the nations Inspectors-General, Light (1993, p. 224) concludes thatgovernment appears no more accountable todaythan before the IG Act.
4.1 Developing nation s examples
As perhaps can be expected, the distance betweeninternal audit ideals and their realities is not unique tothese three developed western countries. In theSudan the situation is far worse. As noted by Brierleyet al. (2001, pp. 73-4), the typical internal auditdepartment in the Sudan is engaged in largely routineauthorisation of tran
ininsufficient credibility, independenceaEmploying interview and observation researchmethods, they conclude that in the few places whereinternal audit may be in operation, it has failed tomeet even one of the five core standards of the IIA interms of independence, professional proficiency,scope of work, performance and management. Toexplain this depressing picture of internal audit in theSudans public sector, the authors consider thecontext within which the internal audit processfunctions. These factors include the countrys pooreconomy, political instability and institutionalisedcorruption. They predict that in such an environment,and without the political will to make the necessarycorrection, internal audit in the Sudanese publicsector will continue to be marginalized in theforeseeable future.
In another developing country the picture of internalaudit in the public sector is also not that rosy. Asnoted by Schwartz and Sulitzeanu-Kenan (2002), inIsrael the recent efforts to strengthen internal auditingthrough a top-down legislative solution have notsignificantly improved the overall performance of auditunits in the lions share of ministries and statutoryauthorities. Specifically, the 1992 Internal Audit Lawplaces a statutory d
erequires access to information; grants a broadmandate that includes audits of economy, efficiency,effectiveness and decision-making, and makesauditors directly responsible to either the Director-General or the Minister. In addition, a 1995amendment requires that senior management discussaudit findings within 45 days of submission. However,Schwartz and Sulitzeanu-Kenan (2002) claim that theLaw has neglected a number of provisions whichwould have improved the effectiveness of the internalaudit function. From a review of the literature, theyidentify three structural variables: audit coveragecapacity (audit staff to total staff, and audit budget to
total budget ratios); professional expertise; andorganizational status. They also identify the absenceof a central body for training and advising public
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57)28
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
5/33
Internal audit in the state and local governments of Malaysia
sector internal auditors and for monitoring their workas a serious omission in the Law. (They point out thatthis training and advisory body is in operation in theUK and Canada.) Overall, they stress that moststipulations of the Law do little more than to upgradeexisting rules to the statutory level.
After employing a variety of research methodsincluding in-depth interviews with 25 internal auditunits of government ministries and statutoryauthorities, Schwartz and Sulitzeanu-Kenan (2002)conclude that Israeli internal audit units operate wellbelow reasonable capacity and accepted practices.In reaching this conclusion on the effects of theInternal Audit Law on internal audit practice theauthors assessed structure (mentioned earlier);rocess (involving eight variables related to
ith the promulgation of theccountants Act 1967). However it remained inactive
ual general meeting was only held in987 (Azham, 1999). The Institute appears to have
s ofternal audit of 658 organizations in both private and
oting that this report received only ten responses
ompanies, statutory authorities and government
m Ernst & Young, the Malaysianstitute of Corporate Governance (MICG) and the
. But it clearly lacks detailedtandards for the qualification and necessary due
efine and justify without theresence of clear standards (in the form of an internal
pinvolvement of senior management; audit scope; andtreatment of audit findings); and outcome (three typesbased upon the perception of internal auditorscontacted). They utilise the politics of accountability
and policy change theories to explain the causes ofineffectual internal audit legislation and of its relatedweak implementation.
4.2 Malaysia
In Malaysia very little is known of the state of internalaudit in the public sector. The same may also be saidfor internal audit in the private sector. To date verylittle research appears to have been conducted.
The Malaysian Institute of Accountants (MIA) wasestablished in 1967 (wAand its first ann1conducted its first research project in June 1988 less than a year after the statutory body wasactivated in September 1987 (MIA, 1989). The studyinvolved sending questionnaires to the headingovernment sectors, including all companies thenlisted on the Kuala Lumpur Stock Exchange (KLSE)(now the Bursa Malaysia). The response rate was 37percent or 241 organizations. The studys resultsformed the MIAs Report No. 1 issued in July 1989.
Report No. 1 showed that 129 organizations (56percent of the responding organizations) had no
internal audit departments. And out of these 129organizations, 46 mentioned that the internal auditwas carried out by the holding company orgovernment auditors. The report also investigatedthe head of internal audits reporting structures asthey affected the audit report, his requiredqualifications and his audit responsibilities. It is worthnfrom government organizations (recorded asGovernment/Statutory (see Report No. 1, Table B,p. 3)), and that five had no internal audit departments.
In August 1989 the MIA conducted a second studywhich they claimed was more in-depth than the earlier
one (MIA, 1991). Two sets of questionnaires weresent out, one to internal audit managers and anotherto chief executives. There were 106 responses
(19 percent) from the internal audit managers and133 (24 percent) from the chief executives. ReportNo. 2 states that these questionnaires were sent to555 organizations covering both listed and unlistedcdepartments. In contrast to Report No. 1, it does notdisclose how many government sector responses
there were. The report also glosses over the variousand serious issues uncovered by the first study,including the areas of responsibility and reach of theinternal auditors. The MIAs second report attemptedto justify the distressed state of the internal auditfunction in Malaysia as a function of Malaysiasemerging economy status (p. 2), and that internalaudit in Malaysia was similarly an emergingprofession (p. 10).
Besides these two MIA studies conducted in the late1980s, there appears to have been just two otherstudies conducted in the next decade. One was by agroup of Australian academics (Mathews et al., 1995)
on internal audit in both private and governmentorganizations (and which was later used in abenchmarking study by Cooper et al., 1996), andanother, in late 1999, which was a collaborationbetween the audit firInInstitute of Internal Auditors Malaysia (IIAM) (Ernst &Young et al., 2000). The focus was on internal audit incompanies listed at the KLSE (now Bursa Malaysia)and the Malaysian Exchange of Securities Dealing &Automated Quotation Bhd. (MESDAQ). While the MIAstudies were concerned with an overview of internalaudit, the next two focused on the nations internalaudit profile. But just as in the MIA studies, the lattertwo studies also failed to provide much detail on theoperation of internal audit in Malaysia. This isparticularly disheartening considering that Ernst &Young, in its study of internal audit in Russia and theCommonwealth of Independent States (the CIS)(Ernst & Young, 2002a) and another one in theCaribbean (Ernst & Young, 2002b), producedconsiderable amounts of interesting data. Its failure todo the same on the state of internal audit in Malaysiais a little mystifying.
The lack of research into internal audit has providedlimited insight and given little guidance in respect ofinternal audit. Therefore, government departmentsreally only have the internal audit circular, issued as
far back as 1979 by the Treasury in the FinanceMinistry, for guidance.
This circular defines the role and responsibilities ofthe internal auditorsdiligence processes and procedures expected forinternal auditors. Thus, as noted by Chang andDavidson (1999, p. 29) when discussing Audit Lawin the Peoples Republic of China and which isequally applicable to Malaysia, training and educationneeds are hard to dpaudit circular). Also, without a definition of
professional standards in the circular, performanceevaluation, quality assessment and assurance arevery difficult to achieve.
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57) 29
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
6/33
Md Ali et al
All in all, it is true to say that the major questionsconcerning the public sectors internal audit capacityand its operations have remained unanswered. Thisis obviously not conducive to any serious efforts toready the country to face the challenges ofglobalisation. This study attempts to shine the light ofunderstanding into that black hole and maybe, as far
as internal audit is concerned, Malaysia could set anexample for other developing nations.
There are numerous models for this type of studybesides those used in the Sudanese and Israelistudies mentioned above. An internet search led totwo notable recent studies, conducted in Canada(Canadian Treasury Board Secretariat, 2000) andMalta (National Audit Office, 2000).
The Canadian study was conducted in 2000 by theTreasury Board Secretariat the central agency
sponsible for the internal audit function in the
al audit in theovernment and to propose an appropriate course of
benchmarks indicates that the presenttandards are deficient in a number of respects
ations contained in the report, have hade unintended effect of encouraging other
ailed to all eleven internaluditors: nine responded. Later in July 1999,interviews were also conducted with a number of
n with the Canadian one, anbundance of information of international applicability
mpur, Labuan and Putrajaya,re under the exclusive jurisdiction of their respective
he state governmentsave wide legislative powers to control local
r functioning.
s responded to the research project.one of them had an internal audit department or
ations were not selectedrough random sampling, it cannot be assumed that
.2 Methods of data collection
refederal government. This was in response to many
years of criticism of the state of internal audit inFederal government departments from both insideand outside parliament. The stated purpose of thestudy was: to further analyse the issues raised bythese observers regarding interngaction. The Secretariat consulted with both privateand public sector representatives, including severaldeputy ministers and assistant deputy ministers. Theyalso reviewed submissions and official documentsproduced by interested local and overseas parties,including the Institute of Internal Auditors, based inthe United States, and the Australian National AuditOffice.
In their report, the Secretariat detailed the varioussteps that needed to be taken in order to strengthenthe internal audit operations. A notable one was theneed to review the federal governments internal auditstandards.
In the Executive Summary the Secretariat states:Our assessment of the existing standards againstsuitablesImprovements in these and other areas are needed tobetter align the government standards for internalaudit with those of recognised auditing bodies. Thiscandid admission of deficiency, together with the
recommendthresearchers elsewhere in the world to work onimproving the internal audit operations in theircountries public sectors.
The Maltese study focussed on internal audit ingovernment ministries and departments and tookplace between January 1998 and July 1999. It wasconducted by the National Audit Office (NAO) ofMalta with assistance from an outside consultancyfirm. The aims of the study were to evaluate theinternal audit function and to make recommendationsas to its future role. Data was gathered mainly
through questionnaires ma
government officials, including seven internalauditors. The NAO also analysed relevantdocumentation.
Key issues studied included the administration of thefunction by a central body; the independence ofmanagement support; the level of management
support, and the resources provided for andrestrictions on the function. Various distressingproblems were uncovered and many specificimprovements were proposed. With its concise, no-nonsense manner of presenting the problems and therecommended improvements, this research studyhas, in commoato the process of enhancing the effectiveness of theinternal audit function.
5 RESEARCH DESIGN
5.1 Population and survey sample
The Malaysian government hierarchy has threelevels: federal, state and local. Local governmentsinclude the city, town and local councils, dependingon the territorys population. The federal constitutionstipulates that local governments, outside the federalterritories of Kuala Luastate governments. Thus, thgovernments and to ensure their propeThe population for this study comprised theorganizations forming the state and localgovernments and the state statutory bodies inPeninsular Malaysia (as of May 2003). Specifically,these are:
11 state governments;
93 statutory bodies for state governments; and
98 local governments.
Initial investigations found that a mere 33 out of atotal of 202 qualifying entities possessed internalaudit departments or units. A further two were foundafter the field work had been completed and werealso included in the survey sample. A further 52organizationN
unit.
Since these 52 organizththe results are representative of those organizationsnot contacted by phone. The authors do suggest,however, that the results could be applicable to allorganizations without internal audit service, providedthat their organizational and operationalcircumstances are similar to those organizationswhose personnel were interviewed.
5
The main form of data collection was through face-to-face and telephone interviews. But, documents suchas newspaper reports and audit reports issued by the
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57)30
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
7/33
Internal audit in the state and local governments of Malaysia
National Audit Department were also reviewed.Finally, during the face-to-face interviews, basicobservation of the interviewees was done. In otherwords, the body language of the interviewees wasrecorded and used to enhance the understanding of
e verbal responses. Despite gathering this data itto an ethnographic
r sociological study. However, the researchers were
also helpssclose the "richness" of social settings for a
other organizations in fact did have internal audit
reasons phone interviewsere conducted with members of these two
allocated to internal audit
tude to internal
ential for
T four parts to the questionnaire: (A)
Practice; (C)
O
u (a), (b), etc. The development of the
n; present
other hand, he/she
common
us is to allow theewer to enter into the participants' perspective
thwas not the intention to turn this in
oaware of a high level of animation (expressive bodylanguage) accompanying the verbal responses, andthis was used to add colour to the purely verbalresponses to the questions. During the face-to-faceinterviews the interviewer also took conscious note ofthe internal audit departments office facilities andresources (presence of filing cabinets, photocopyingfacilities, word-processing facilities, etc.).
The literature refers to these efforts as qualitativemethods of collecting data (Van Maanen, 1979, p.520). These approaches to data collection wereintended to enable the researchers to apply
triangulation to reduce systematic bias in the researchwork (Patton; 1990, p. 470; Miles and Huberman,1994, p. 266). It is interesting that Neuman (1991, pp.329-30) has suggested that triangulation not onlyincreases the "sophisticated rigor" of the datacollection and analysis process, butdiqualitative inquiry. He mentions that quantitativeresearchers would consider the inconsistent picturederived from data on the same social event andcollected by different methods, different researchersor at different times, as "bias" or "error". This he sayswould not be the case for a qualitative researcher.
5.2.1 In-depth interviews
The main bulk of the data was derived from face-to-face and telephone interviews. The face-to-faceinterviews were conducted with the internal auditorsworking in government internal audit departments orunits, while the phone interviews took place withconcerned parties in organizations that did not havean internal audit function. Only after the completion ofthe face-to-face interviews was it discovered that twodepartments. For logisticalworganizations.
The interview questionnaire for the internal auditorsfocussed on the following key issues:
The role, scope and perceived value of internalaudit
The types of activities internal auditors perform
The size, structure and authority of the internalaudit function
The independence of the internal auditors
The resources
The internal audit education, training, skills andexpertise
The government organizations attia
The support mechanism for the internal auditfunctio
udit
n
The interrelationship between internal and externalauditors
The present and future challenges and potchange
here wereBackground information; (B) Organizational Audit
Supportive Efforts for OrganizationalAudit Practice; and (D) Internal Audit in the
rganization and Government Sector as a Whole. Ofa total of 60 questions, 51 were of a closed-ended,structured type (Parts B and C) and 9 were of anopen-ended, semi-structured type (Part D). 12 of theclosed-ended structured type questions had multiple
b-partssquestionnaire is discussed in Appendix A.
The closed-ended structured type questions (SectionsB and C) were concerned with the following: facts,such as the number of internal audit staff;perceptions, such as knowledge elements needed by
internal auditors to ensure the fulfillment of theirpresent roles; and the extent of agreement withvarious prepared statements. As for the open-endedsemi-structured type of questions (Section D), therewere three categories: the history and future of
ternal audit operation in the organizatioinweaknesses and strength of the organizationsinternal audit department or unit; and obstacles to andpotential for change in the operation of internal auditin the public sector as a whole.
Specifically with regard to Section D, the questionswere designed to allow the interviewees aconsiderable degree of flexibility. The same applied tothe questions raised in the phone interviews with theconcerned parties in organizations which did notpossess internal audit departments or units.
Thus, if an interviewee were to show great interest inan issue and wished to develop it further, he/she wasncouraged to do so. If on thee
was not comfortable responding, or claimed to havelittle knowledge of a particular issue, the question wasdropped. This presented the possibility that moreinformation could be collected from some people thanfrom others. In general, the questions were preparedso as to ensure that all relevant topics were covereduring the interviews. It was assumed that ad
core of information would emerge from the interviews,
but no standardized questions were prepared inadvance. The wording and the sequence of questionswere also adapted to accommodate specificparticipants in the actual interviews (Patton, 1990, p.283; Kvale, 1996, Chapter Seven).
The questions were deliberately open-ended toenable interviewees to express their understanding intheir own words. There were no predeterminedphrases or categories from which the intervieweeshould choose. The intention was for theinterviewees' viewpoints to be clearly understood bystudying their terminology and opinions, and byrecording the complexities of their individual
perceptions and experiences. As Patton (1990, p.78) succinctly notes, the purpose th2
intervi
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57) 31
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
8/33
Md Ali et al
using the assumption that the perspective of others ismeaningful, knowable and able to be made explicit.
6 FINDINGS
All the face-to-face and phone interviews with theinternal auditors took place during the third quarter of
2003 and the first quarter 2004. Out of the 202SLoGBs in the whole of Peninsular Malaysia, it wasdiscovered that a mere 35 had either internal auditdepartments or units (9 state governments, 14 localauthorities and 12 state statutory bodies). (SeeAppendix B for the list of SLoGBs with internal audit
nd the auditors interviewed.) Of the 167 SLoGBsaudit department or unit, a total of
2 of them were contacted by phone in the first
internal auditors frome state governments.
rom a total of 35 SLoGBs that possessed internal
staffing, auditharter and audit independence, occurred within an
ve hadternal audit capacity for no more than three years.
half of the 35 SLoGBsossessing an internal audit function, the experience
he
athat had no internal5quarter of 2004. (See Appendix C for the list ofSLoGBs contacted by phone.)
From this group of 52 SLoGBs that had no internalaudit function, personnel from 48 of these provided
useful data during the phone interviews. These 48government bodies were situated in Perlis (4), Kedah(8), Penang (2) Selangor (5), Malacca (7), NegeriSembilan (3), Pahang (8), Terengganu (4) andKelantan (7). No phone calls were made toorganizations in Perak and Johor because informationat hand was that the internal audit function in thesebodies was being carried out bythForty-five of the 48 organizations in this categoryconsidered internal audit to be an important tool fororganizational improvement. Unfortunately, a meager10 organizations said their organizations would beforming internal audit departments or units in the nearfuture, while five others said that there was a chance
Table 1: Age of internal audit department or uni t in t
that the internal audit function might be outsourcedinstead. Two more organizations had just set up theirinternal audit functions. Among the 10 who said thattheir organizations would establish internal auditfunctions in the near future, two said that theirorganizations would opt for internal audit outsourcing.
A variety of reasons as to why their organizations hadfailed to form internal audit departments or units in thefirst place were presented. The more frequent reasonwas the small size of their operations.
Faudit functions and that were interviewed (33 face-to-face; 2 by phone), it was found that they wereexperiencing a variety of problems in the auditoperation. Some issues, such as auditcinternal audit department or unit itself. These may becontrasted with those issues and problems involvinginteractions between audit personnel and other
government personnel from outside the internal auditdepartment or unit. These outside parties include thetop management, departmental heads and non-auditpersonnel. These issues are discussed next.
6.1 Age of internal audit
Table 1 below shows that 16 SLoGBs (nearly 46percent) have had internal audit capacity for no morethan five years. In fact, nearly a quarter hainAll in all, for just overpis still a relatively new one.
organization
Total %
Less than 1 year old 2.91Over 1 year old but less than 3 year old 7 20.0
8 22.94 11.4
ver 10 year old 42.9
Over 3 year old but less than 5 year oldOver 5 year old but less than 10 year oldO 15
Total 35 100
At the other ehave had an i
and this shoul a positive factor. Anin-depth look es a more complicated picture.
or at least one organization the internal audit
guidance are not available. s therefore notsurprising that t little audit they do conduct is
related to the monitoring of p management an area most fa u ad.
rganisationsave no diploma holders in their departments; 31%
ee holders, and 80% have noasters degree holders.
xtreme 15 SLoGBs (over forty percent)nternal audit function for over ten years
d at first glance beprovid
Ffunction was apparently established in 1980 but wasonly in operation for the next two years. In early 2003,the internal audit function was reactivated, with a staffcomplement of two. Earlier, the internal audit activitieswere suspended due to the transfer of the auditpersonnel to other parts of the organization and itsrelated bodies. But even with the recent reactivation ,the audit head has still not been able to focus fully oninternal audit because of being assigned by theorganizational head to another, unrelated job. Whatmade it worse is that both audit head and his
assistant lack audit competence. In addition the auditprograms that are supposed to be in place to provide
6.2 Audit staffing
Within the 35 SLoGBs covered in this study, there arefifty eight diploma holders, thirty four first degreeholders and seven masters degree holders workingas internal auditors. (See Table 2 below.)
Also noteworthy is the fact that 14% of o
It iwha
rojectmiliar to the a dit he
hhave no Bachelor degrM
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57)32
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
9/33
Internal audit in the state and local governments of Malaysia
Table 2: Total number of diploma, bachelor degree and
Diplom
master holders
a
No. of organisations No. of diplomaholders
Total no. of diplomaholders
%
5 0 0 0.0013 1 13 22.41
12 2 24 41.381 3 3 5.172 4 8 13.792 5 10 17.24
35 Total 58 100.00
Bachelors Degree
No. of organisations No. of bachelorsdegree holders
Total no. of bachelorsdegree holders
%
11 0 0 0.0015 1 15 44.128 2 16 47.061 3 3 8.8235 Total 34 100.00
Masters Degree
No. of organisations No. of mastersdegree holders
Total no. of mastersdegree holders
%
28 0 0 07 1 7 100.00
35 Total 7 100.00
In the closed-ended section of the interview, auditorsfrom over two-third (or 24) of the SLoGBs voiced theirdissatisfaction with the total number of staff working intheir audit departments or units. The problem ofinadequate numbers of audit personnel was alsomuch stressed by auditors from the majority of theSLoGBs in the open-ended section of the interviewsession. In fact it was seen as one of their main
problems which is not surprising considering that outof the 35 SLoGBs, twenty of them (just over 57percent) have a staff complement (including clerical)of no more than five. A mere 4 SLoGBs (just over 11percent) have more than 11 audit personnel (seeTable 3 below).
Table 3: Audit personnel available
Total %
Fewer than 3 5 14.29Between 3 and 5 15 42.86Between 6 and 10 11 31.43Over 11 people 4 11.43
Total 35 100.00
The shortages in audit personnel as perceive by those interviewed is shown in Table 4 below.
Table 4: Audit staff inadequacy
Total %Inadequate by 3 or less 13 54.17Inadequate by 4 to 5 4 16.67Inadequate by 6 to 10 5 20.83Inadequate by over 11 staff 2 8.33
Total 24 100.00
In one particular organization whose audit operationhas two staff members (compared with theorganizations total of several hundred employees,and a budget of tens of millions of Ringgit), it resortsto the use of students from local institutions of highereducation, who are undergoing practical training (aspart of their degree program), to conduct internal
audits!
In another case, the internal audit operation has fewerthan five members but their audit responsibility is soextensive that they resort to seeking assistance fromcolleagues working in other departments within theorganization. Problems arise when the assistance isneeded for long periods, or when their departmentalheads are reluctant to let them go.
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57) 33
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
10/33
Md Ali et al
6.3Audi t t raining and development yet progressed tThe open-e ewlack of audi thefaced by auditors in LoGBs. In many eheads of the internal audit operations themselvesacknowledge that they do not possess full
competence for their posts, and they must be lutedfor their honesty in ac wledging their short ings!Unfortunately the rec ition of the problem s not
o upgraded qualifications becauseappropriate courses and workshops that are
SLoGBs are not yet preparedt be seen Table 5, auditorsfrom jus oGBs (less th quarter) believethat the currently offered tr programs aresufficient r auditors from fifty percent of
the SLoGBs, the view is that t rams attendedare not sufficient at all.
Table 5: Opinion on ining and de s
rrent
nded part of the intervit competency is one of
revealed that amain problems
cas s, thS e
sakno comogn ha
theavailable are costly ando pay for them. As can
t ei t SLin
gh an aaining
. Fo nearly
h ge pro
staff tra velopment programme
Sufficient Complete Cu
To tal %Total % tal % To
Yes 22.9 5 14.3 11 31.48
No 17 48.6 16 45.7 12 34
No nt 0 1 2.9 1 2.9
No nswer 28.6 13 11 31
Total 35 100 35 100 35 100
.3
Comme 0
A 10 37.1 .4
There is a possibil rtaappropriate development and training prby government intern ditors may be ca byfactors other than financial. In one particular
terview, it was mentioned that there are not many
nly five auditorsraining on offer
was sufficient and eleven or less than a third)believed it had current relevFinally, it may be worth oneparticular organization, w longestablished and well-staffed intern
e one approach being pro to deal with staff
ith the presence ofars to be aware of
the significant role played by internal audit, it is
e s could w be implementedin du6.4 Knowl ge elements
s defined by Ridley & Chambers,998).
Thus, as can be seen in Table 6 below, the currentfocus is on issues such as interrogation techniques,
s of controls and financial accounting, whereasanced , featuring risk vocabulary,
ncepts and gement techniques, globalizationd forensic g, are not part of the core issuescused on.
t when t ors from the 35 SLoGBs werechanges in theauditors in the
future, all of them gave positive answers, showingthat they expected the futures knowledge elements tobe signi different those needed in theircurrent w environm
Table 6: Knowledg
Knowledge Eleme l %
ity that the sho ge of skills andogram faceds
al au used
ininternal audit related programs available togovernment sector auditors. This was in dramaticcontrast with the many courses for private sectorinternal auditors, which the interviewees alsoconsidered to be superior in content.
Besides the issue of sufficiency, there are the issuesof completeness and current relevance of the
vailable audit training and development programs.
When asked about knowledge elements which aninternal auditor needs in order to fulfill his or hercurrent role in the organization, as was expected, themajority of those interviewed provided answersconsistent with their work environment: i.e. eithertraditional or modern, as opposed to that of theadvanced type (a
aAs may be seen in Table 5 above, o
percent) believed the t(just over 14(
ance.
mentioning that inyith a relativel
al audit function,th posedlacking in competency is to re-grade the internal auditosition in the organization and to create new posts
asked whether they expectedknowledge elements for internalp
for the internal audit department. Wnizational head who appean orga
xpected that such ideae time
ell.
ed
1
typedva issues
co manaan auditinfoBu he audit
ficantlyo g
fromrkin ent.
e elements
nts Tota
Interrogation techn 34 97.14iquesTypes of control (preventive, detective, directive and corrective) 34 97.14Financial accounting
Auditing and analytical skills
34 97.14
33 94.29Communication techniquesLegalRed flags (indicators of fraud such as unauthorised tracontrols, unexplained pricing exceptions or unusually laTypes of frauds
Compu
32 91.4332 91.43
ctions, overrides ofe losses)
32 91.43
32
nsarg
91.43
ter technology 32 91.43Ethics 31 88.57
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57)34
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
11/33
Internal audit in the state and local governments of Malaysia
Cost accounting 27 77.14Risk vocabulary, concepts and management techniques 27 77.14ISO framework 25 71.43TQM 20 57.14
Globalisation 18 51.43Forensic auditing 15 42.86
Business Improvement Audit, e-Audit 1 2.86
Humanity knowledge, psychology 1 2.86Practical training in private and public sectorWork procedure, policies and service instruction
1 2.861 2.86
Government structure 1 2.861 2.86Technical, i.e. QS and Engineering Skills
6.5 Audit charter
The presence of an audit charter isconsidered of utmost importance for internal ditoand those with who t. This is causethis document shou y least be le tclarify which matter r the purvi f th
in rs. It however that fiveS (ju er n percent) failed to developsuc do t. F the wenty-six (over 86per t) c hat r a harters specify thetype of re sibilit r tas d the authority heldby i nal rs Ta elow).
able 7: Details of audit charter
usuallyau rs
m they interacer
beld at the v
s come unde ab
ew ooe
teLoGBs
rnal audito was foundst ov
cumenfourtee
h a or rest, tcen laim t thei udit cs spon y o k an
nter audito (see ble 7 b
T
Total %
The various types of audit responsibility or task un 26 86.67dertakenThe authority heldDelineation of procedures of responding to auditDelineation of procedures for issuing audit reports
26orts 19
86.67re 63.33p 22 73.33
Interestingly however, sixteen of the audit operationspossessing an audit charter (over fifty three percent)are still required to handle other apecified in the audit charters. Regardi
udit tasks notng the specific
ese include riskes, working
uditors from all five SLoGBs without audit charterst popular task they
to determine whether their objectives have
ed. Only one or two SLoGBs auditors
s are guided by audit charters onlyat IT audits are being conducted (see
T ies or tasks specified in audit charter
Total
stasks detailed in their audit charters, auditors fromtwenty-four SLoGBs (eighty percent of the thirty that
have audit charters) stated that the two most populartasks were appraising the adequacy andeffectiveness of internal controls, and assessing thecompliance with policies, plans, procedures and law.As for the less popular tasks, th
ssessment and governance processaclosely with external auditors, and providinginformation to outside parties (see Table 8 below).
It was found that for all five of the SLoGBs whoseauditors operate without audit charters, theirresponsibilities or tasks were determined on the basisof management requests and interviews. Their nextmost popular approach was by reviewing the findingsof external auditors (see Table 9 below).
Aalso pointed out that the mos
handled was verifying the existence of assets andtheir proper safeguards. The less popular tasks wereno different from those SLoGBs with audit charters:risks assessment; working closely with externalauditors, and assessing the presence of adequatecriteria
een fulfillbstated that these tasks were specified in their auditcharters.
It is notable that IT audit appears to be quiteunpopular for auditors whether acting with or withoutan audit charter. Of the twenty four SLoGBs whoseaudit activitie
x specify thsiTable 8), while none for those without audit charterssay they conduct an IT audit. However, when auditorsfrom all thirty five SLoGBs were asked whetherthey expected changes in the role and responsibilitiesof the audit function in the next few years, twentysix out of thirty three (or nearly eighty percent)
responded Yes.
able 8: Responsibil it
Responsibility/Task %
Appraise the adequacy and effectiveness of internal controls both accounting anded in all the activities of the organization
24 80.00administrative that are appliAssess the extent of compliance with policies, plans, procedures and law 24
n objective and timely reports to the department head so that he/she is informed of t 23 76.67
80.00
Hand i herelevant aspects of the organizational position and performanceVerify the existence of assets and proper safeguards for their protection 22 73.33
improve the working of the governmental body 22
established objectives and goals have been achieved 22information reliability and integrity 20
Suggest steps to 73.33
Ascertain whether the 73.33Review 66.67Conduct financial auditing activities separate from those conducted by the external auditors 19 63.33
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57) 35
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
12/33
Md Ali et al
Appraise the economy and efficiency with which resources are employed 1918 60.00
pplication of government revenues 17bute towards the organizations governance process by evaluation and recommendin
to the manner in which organizational values and goals are established,preserved, and accountability ensured
17 56.67
d procedures 17 7
the organization and analyse and evaluate controls 15 50.00
eration with the external auditors 15 0he relevant outside agency (such as the Central Authority of Internal 15 50.00
Conduct detailed checks on expenditures prior to payment 14 46.67
63.33Investigate fraudsAscertain the proper a 56.67Contri gimprovementscommunicated andProvide advice in setting up policies an 56.6
Identify and assess risks faced byestablished to respond to such risksConduct financial auditing activities in close coop 50.0Provide information to tAudit for federal government agencies)
Assess the presenwhether its objectives hav
ce of adequate criteria used by the gove been accomplished
ernmental entity in determining 12 40.00
Conduct special projects 12 40.00Some other responsibilities 8 26.67Conduct information technology audits (IT Audits) 6 20.00
Table 9: Approaches to determining audit responsibilities or tasks when no audit charter exists
sibi lit ies or Tasks Total %How to Determine Audit ResponManagement interviewed for inputs 5 100.00Management requests 100.00
Arising 80.00
5
from findings of external auditors 4Rotatio 60.00Audit ri l controls, comp y ofoperati
60.00
Availability of internal audit hours 2 40.00
nal approach 3sk assessment (covering factors such as quality of interna lexitons, length of time since the areas last audit, etc.)
3
OthersExternal auditor requestsAudit committee requests
2 40.001 20.001 20.00
It is notable that auditors from 17 of the 24 SLoGBswho expect changes in internal audit, have identified
IT audit as likely to be the most popular future task(see Table 10 below). The closest rival tasks for audit
Table 10: Future audit responsibilit ies or tasks
in the future were identified by only nine SLoGBsauditors. These tasks are providing advice in setting
up policies and procedures; investigating frauds, andworking closely with external auditors.
Total %
Conduct information technology audits (IT Audits) 17 70.83Provide advice in setting up policies and proceduresInvestigate frauds
9 37.509 37.50
ith the external auditors 9 37.50aluating the manner that
icated and preserved andese processes
7 29.17
ental entity to determine whether 7 29.17
nalyse and evaluat
Conduct financial auditing activities in close cooperatioContribute to the organizations governance process by evorganizational values and goals are established, commuaccountability ensured and proposing improvements toAssess the presence of adequate criteria for the goverits objectives have been accomplished
n w
nthnm
Identify and assess risks faced by the organization and a e controls 7 29.17
ead so that he/she is apprised ofthe relevant aspects of the organizational position and performance
7 29.17
7 29.17ntral Authority of Internal
ment agencies)7 29.17
6 25.00th accounting and
ployed 6 25.00
tection
d goals have been achieved
established to respond to such risksHand in objective and timely reports to the department h
Review information reliability and integrityProvide information to the relevant outside party (such as the CeAudit for federal governAscertain the proper application of government revenuesConduct detailed checks on expenditures prior to payment
6 25.00
Appraise the adequacy and effectiveness of internal controls covering boadministrative aspects that are applied in all the activities of the organizationAppraise the economy and efficiency with which resources are em
6 25.00
Suggest steps to improve the working of the governmental body 5 20.83Verify the existence of assets and proper safeguards for their pro 5 20.83
Assess the extent of compliance with policies, plans, procedures and law 4 16.67Ascertain whether established objectives an 4 16.67Conduct financial auditing activities separate from those conducted by the external auditors 2 8.33
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57)36
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
13/33
Internal audit in the state and local governments of Malaysia
6
TaFam
ho did confirm meeting wmanagement, they usually noted the presemany other parties in such meetings, includi
ous adsrnal audit department or
nit, amongst others.
T
.6 Internal audit execution interviewed w
here are many signs that the performance of theudit activity leaves a lot of room for improvement.irst, over one-third (or 12) of the SLoGBs internaluditors have no regular meetings with top
head of the organization, the varidepartments, the head of inteu
anagement (see Table 11 below). But of those
ith topnce ofng the
he of the
able 11: Regular meeting wi th top management
Total %
None 12 34.29Fewer than 3 2 5.71
.00
35 100.00
Between 3 and 7 14 40.00Over 7 times 7 20
Total
S asth
(see Table 12 below). Again from Table 12 thpopular approach to identifying audita are
tified
Total Entities with auditcharter (30)
Entities wiaudi art
econd, regarding the identification of auditable areithin the organization, a third of the SLoGBs wiw
audit charters failed to conduct a risk assessment by referring to previous audits.
e mostas wasble
Table 12: How the prob lem/auditable areas are iden
thoutt ch er (5)
Previous audit results 32 28 4Management requests 27 23 4
34
occurred 18 17 1
Cyclical audit 26 23Risk assessment factors (such as quality of internal
, last time24 20
controls, complexity of operations, etc.) deemed highaudited
Alleged irregular conduct
nother sign that all is not well in internal audit in
ssee
stated that there was no obstruction to their accessinga lyqM
Iepap reviewing of
aa
On the positive side, over thirty internal audit
ditee, andthe development of recommendations wheneverappropriate.
This should augur well for internal audit in theSLoGBs concerned. But on further in tigasad reality is that there is a lack of gani l
n a numb of S .eral interview th tnsidered to be of little
auditee organizations. This is probablythorit has
interest in whether or not an auditee implements the
esrelease of the audit report is essentially the end of the
T
Total
ASLoGBs is the fact that internal auditors from fiveSLoGBs (just over 14 percent) were not given accessto certain sections of their organizations. It is alsoworth noting that in one particular interview it wastated that there was no obstruction to access. In the
heads stated that the following activities wereamong those that routinely took place during theirauditing: performance of follow-up audits on all auditfindings after the presentation of the audit report;discussion of recommendations with the aus
next breath the interviewee stated that acceends on CEOs final say. Another interviewdep
ll sections of the organization. This was immediateualified by the statement: except for the office of theayor.
t is discouraging to find that certain activities usuallyxpected of internal auditors are not that frequentlyerformed (see Table 13 below). Thus, the following
As emerged from sevfindings are always coimportance by
udit tasks are seldom considered during thelanning stage: the potential fraud risk;
because nobody in higher au
udit working papers by senior auditors, andssessing risk.
suggestions made by the auditor. As a r
ves tion the or zationa
openness towards changes i er LoGBss, e audi
y shown
ult, the
audit process.
hen auditingable 13: Specific activities undertaken w
%
Conduct interviews 34 97.14
Prepare audit report 33 94.29Prepare annual audit plan detailing the auditable areas, the resources required andduration of each audit activity during a calendar year
33 94.29
Review prior audit reports and other relevant documentations 32 91.4331 8
f the audit 31 88.57
31 88
82
Develop work papers 8.57Perform follow-up audits on all audit findings sometime after the issuance oreport
Discuss recommendations with auditee 8.57Develop recommendations when appropriate 31
Disseminate audit outcome to the appropriate individuals 29
8.57
.86
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57) 37
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
14/33
Md Ali et al
Require written response from auditee (to include among others plans for correctiveaction and the date by which action will be implemented)
29 82.86
Maintain an awareness of the potential for fraud while auditing 29 82.86Use audit aids such as flowcharting, internal control questionnaires and checklists 29 82.86Evaluate the relevance, sufficiency and competency of evidence 28 80.00Monitoring the progress of audit work 27 77.14Use computer 25 71.43
Consider the potential for fraud during planning stage 24 68.57Perform Analytical Review Procedures 24 68.57Review audit work papers by senior auditors 24 68.57Execute judgmental sampling 22 62.86Execute statistical sampling 21 60.00
Use risk assessment technique to inform the audit planning and resource allocationprocess
17 48.57
Some other operational details are executed 4 11.43
The internal auditors assessment of their currentperformance corresponds closely with theorganizational and structural problems andobstructions discussed above. Thus, as can be seen
in Table 14 below, internal auditors from 14 SLoGBs(forty percent) could only manage to rate their auditperformance as Average.
Table 14: Performance of in ternal audit department or un it
Total %
Excellent 5 14.29Good 16 45.71Average 14 40.00Weak 0 0.00Very Weak 0 0.00
Total 35 100.00
A clear indication that there is a lot of room forimprovement in internal audit in the SLoGBs asidefrom the fact that a mere 35 out of 202 of them inPeninsular Malaysia have an internal audit
department or unit - is the fact that auditors from 22SLoGBs (or over sixty percent) said that there was noassessment program that covered all aspects of theinternal audit activity and which continuouslymonitored its effectiveness,. Among those auditorswho said that there were assessment programstaking place, one claimed that it came in the form ofexamination by internal auditors attached to the stategovernment, and included the presentation of a reporton the function, tasks and effectiveness of internalaudit at the states exco meetings.
6.7 Aud it independence
For both external and internal auditors, their
independence from those whom they audit is crucialfor the success of their function. For internal auditorsit is more difficult to achieve independence becausethey are actually employees of the organization theyaudit.
Thus, it is surprisingly pleasant to find that auditorsfrom twenty-five SLoGBs (over seventy percent) saythat the internal audit function is placed high up theorganizational chart. Also, audit findings arefrequently communicated with relevant parties for allSLoGBs. In each organization this is a formal, writtenreport, and in a majority of cases (31 or almost ninety
percent) the recipients are the organizational heads.In five cases, the written reports are supported by oralpresentations. In thirty-one SLoGBs (or almost ninetypercent), the written reports include the management
action plan which clearly identifies for eachrecommendation, the actions to be taken and theirtiming. In cases where no such action plan ispresented, two of them claim that the partiesmentioned in the report are required by theorganizations to respond to the reports by filing actionplans or other responses to parties such as the headsof the organizations, the audit committees, or headsof internal audit departments.
As can be seen in Table 15, it is also particularlyencouraging to find that in 30 cases (just over 85percent), the auditors are in fact required by theorganizations to monitor whether or not therecommendations made in the audit reports have
been acted upon. In one particular case, an auditeewas given two weeks to respond to an audit report.And two weeks after the response had been made,the auditor was required to verify whether the auditeehad in fact taken the needed action. Unfortunately,there are also four cases (just over eleven percent)where the auditors are not required by theorganizations to do follow up, and neither has anyoneelse in the organization been asked to do themonitoring. In one additional case, the participantfailed to provide any answer. Here, it is also likely thatno follow up is performed or expected.
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57)38
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
15/33
Internal audit in the state and local governments of Malaysia
Table 15: Audit monitoring of the actions taken up byaudit report
ot
the relevant parties upon recommendations in the
T al %
Yes 30 85.71No 4 11.43No Answer 1 2.86
35 100.00
Besides the monitoring issue, there are other issuesaffecting indepe ly by internalaudit personnel rom a list of questionswhere answer Yes, No, NoComment or nd that in fourSLoGBs (just o rcent) the auditors wereot able to sa they were free to allocate
techniques to accomplish the a es. Also, infour SLoGBs th w le to say thatthey were free to obtain the necessary assistance ofpersonnel in areas of the org eing audited;and, in seven SLoGBs (twe ent) the auditorsfailed to say that they wer to produce auditreports where the contents t be to the liking
ne
Yes % Other than %
ndence, and faced dai in SLoGBs. Fs were either
as fouOthers, it wven pever ele
y thatnresources, set audit frequencies, select subjects,determine scope of work and apply appropriate
of those associated with the organizations they comefrom (see Table 16a below).
able 16a: Independent issues faced by audit person l
udit objective auditors ere unab
anizations bnty perc
e freemight no
T
Yes
Face no obstruction to audit regardless of offices, records,p
33 94.29roperty and personnel
2 5.71
H nior personnel 33 .29 2 5.71F resources, set frequencies, select subjects,d uireda
31 88.57 4 11.43
F ssistance of personnel in areas ofth formed
31 88.57 4 11.43
Free to produce audit reports where the contents may not be tow
28 80.00 7 20.00
ave regular access to se 94ree to allocateetermine scope of work and apply the techniques reqccomplish audit objectivesree to obtain the necessary a
to
e organization where audits are per
the liking of individuals or groups working or associatedorganization
ith the
Doubts about audit personnels independence mayalso arise in another two situations (see Table 16b).First, auditors from six SLoGBs (just over 17 percent)were not able to say that they were free fromperforming operational tasks such as preparinginventory records and other basic accountingdepartment functions.
Table 16b
Second, auditors from 16 SLoGBs (nearly half) wereunable to state that they are incapable to direct theactivities of personnel outside their audit departmentsor units who have not been assigned to assist them.
: Addit ional independent issues faced by aud
it personnel
No % Otherthan No
%
Perform operational duties for the organization or its afcompiling inventory records, participating in departmentaprocurement boards, involvement in accounting process
Direct the activities of any organization employee not emthe Internal Audit Department except to the extent suchave been appr
filial,
phopriately assigned to assist the internal au
tes such as
etc.
29 82.86 6 17.14
loyed withinemployeesditors
19 54.29 16 45.71
The fact that there are issues worth considering about the independence of internal auditors in SLoGBs mayb the fact that auditors from 14S at they have encounteredtmcS
Ta swers thata ers int
With regard to obstructed access to auditingoffices, records, property an onnel, itorsfrom only two SLoGBs cla at th ditactivities were restricted by th izati ee
whe ey we edtions in their orga ns
ich were off limits, auditors from fivean ooGBs agreed that there were h sect
uestion of whe ditaccess to or
management, auditors from tw Bs edthat they did not have fre t acc eeTable 16a), although earlier, itors ll
e clearly seen fromLoGBs acknowledged th
hreats in their jobs. Auditors from nine SLoGBsention that these threats include scratching of their
ars, puncturing the tires, verbal abuse and abusive
Table 16a). But earlierwhether there were sec
MSs.
he final issue regarding the independence of internaluditors
Also, in regard to the qpersonnel have frequent
in SLoGBs is concerned with anppear to contradict interviewees other answhe interview sessions.
d persim th
auded eir au
e organ ons (sn th re ask
nizatiowhSL
d not twsuc ions.
ther au seni
o SLoG indicatquen ess (s aud from a
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57) 39
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
16/33
Md Ali et al
35 SLoGBs claimed to communicate frequently withrelevant parties on audit findings.
disseminate information
l activities forion. However, in the open-ended
organizationtask of
the organization.
6
A a halfation
lack of understanding of the role of internal audit asindependent apprai n in the organizations(see Table 17a). Ma l auditor isviewed by non-audit l as mainly interested infinding out other faults. One particularinterviewee stated: department does not
and u standimembers of the department.
sed-ended section of thew, auditors from 25 of the SLoGBs (just over
71 percent) either agree or agree strongly t reis a lack of appreciation of the v and im ce
of internal audit in the organizations (see Ta ).One interviewee stated: They focuscenters.
The need for improved co-operati ndternal auditors eir
clients, revealed in the closed question portion of thequestionnaire, is confirmed by various commentsmade in response to the open-ended questions. Many
than looking for otherpeoples mistakes. In another interview, it was
oned that the prevailing view among non-auditnnel was that the work of internal auditors has
made th k more co ated than necessary. Inother wor they have rception that their workwould be er withou rs.
able 17a: Audit - non-audit personnel interaction
There was also one particular case where, in theclosed-ended section of the interview session, the Finally, from the clo
responses indicated that the internal audit intervie
personnel do not conduct operationathe organizat
section of the interview, the responses clearlyindicated that the head of thespecifically assigned the audit head thepreparing group accounts for
.8Audi t - non-audit personnel interaction understanding between in
uditors from 18 SLoGBs (fifty one andercent) feel that the level of support and cooperp
from other parties inside the organizations is actuallygood. In strong contrast, auditors from 13 SLoGBs (orjust over 37 percent) either agree or agree stronglythat there is little support and minimal cooperationrom others in the organizations being audited. Again,
of these comments are concerned with the negativeperception held by non-audit personnel: as aninterviewee pointed out, auditors are believed to beinterested in nothing more
fauditors from nearly seventy five percent of the
Bs either agree or agree strongly that there is a mentipersoSLoG
sal functiothat the internany say
personnespeople
The head of
nder ng to all
hat thealue portan
ble 17ajust on profit
on aand th
eir wor mplicds, the peeasi t audito
T
Strongly
Agree
Agree Not Sure Disagree StronglyDisagree
Total % Total % Total % Total % Total %
There is little support and minimal cooperation
coming from others in the organization for theInternal Audit Department to be able to conductits activities successfully.
1 2.9 12 34.3 4 11.4 17 48.6 1 2.9
There is a lack of understanding of the role ofinternal audit as an independent appraisalfunction within the organization.
7 20
There is a lack of appreciation of the value andimportance of the Internal Audit Department inthe organization.
5 14.3
19 54.3 3 8.6 6 17.1 0 0
20 57.1 5 14.3 5 14.3 0 0
Some other comments raised by intervieweesoncerned those auditee staff whose jobs and
ed on (negatively) by theternal auditors. Typical responses to the audit report
kings, and with little more than silence fromgher up the organisation, the internal auditors have
atters raised relate to the performance of those high
p in the organizations concerned. These people,equently on a higher salary grade than the internalaudit head, pull rank and have the auditors
In reality however such supportive organizationalheads are hard to find in SLoGBs. In fact many
organizational heads seem to actively sabotage theviability of the internal audit process by ensuring thatthe departments are under-staffed, and that those
cperformances were commentininclude necessary actions shall be taken, but
nothing further happened, or that this matter shall bemade certain to never recur, but are in fact allowedto reoccur year after year. But with no power toensure that the auditees make good on theirundertahivery little option except to suffer in silence.
Fortunately or unfortunately, this occurs most often inordinary cases such as records not up-to-date. Incases considered serious, the internal audit headsmay resort to sending of appropriate letters higherup. Problems may occur however when thosem
ufr
admonished for having dared to write suchreprimands!
6.9 Audi t top management interaction
It is our contention that the two problems of under-staffed internal audit departments and of internal auditstaff with inadequate skills could be overcome if theheads of the organizations possessed the intentionand will to get the best for and from theirdepartments. Similarly, the negative perception ofinternal auditors as fault-finders whose comments cansafely be ignored, could be reversed if organizationalheads were to actively support and place positivevalue on the activities and reports of the internal auditpersonnel, providing leadership by example.
Southern African Journal of Accountability and Auditing Research Vol 7: 2007 (25-57)40
-
8/11/2019 Internal Audit in the States and Local Government of Malaysia
17/33
Internal audit in the state and local governments of Malaysia
staff they do see fit to employ are juniors and/or havedit experience. In a fe
but for one reason or another, the audit reports areminimal au w cases the audit
nnel are further burdened ith duties unrelatedto auditing, with the objective of preventing the auditfrom occurring.
In one particular organization th on
several occasions requested permission from hisuperiors to hire additional staff. The standard
urprising that the audit head comments that he/she
wards the internal audit department: whether its
presence or absence would have any material impacton the futw does.
Isatdsat cus has changed from financial
anagement to other responsibilities that supposedly
eatment, compared to a fewthers, all is not quite lost for internal audit in this
e to audit whichever departments, records, assetsand personnel they see fit. They are also free toaoat
it
the organizational head.
not sent to the organizations head.
audit reports to thenizatio d does not, however, guarantee
y w ead. There is widespread apathywards au ports amongst heads of SLoGBs.
his was d by many of those interviewed,and obviously contributes to the undermining of and
not usually botheredabout the report and the function played by theinternal auditor.
One audit h eporte at to nt on oneon put the audit report in cold storage
year. A er i ee reported that theorganization d clined to side w e
itees wh er th proven by the au ofailed to follow ational proceduraudit heads interviewed explained that this was
nizati head needed supportvar dep al heads in order to retain
on as the head of the organiz !sly th as e e auditors confidcess, and the lines of authority.
In addition to organizational heads failing to take auditports seriously, there are others who expect the
ave succumbed to outside pressure (includingpolitical) that has persuaded them to ignore thefindings of misconduct by the internal auditors.
This auditor is from a te w n fo ecorruption of i vil s nts icians, as
by er po erfe ations
nment organizations suspend standardoc es ing t action
tside gove , and h indvery well be politicians). In other words
in authority in the government sector arecolluding with those in the private sectors to the
imththstprPap ivil
w
Ppr
perso w The submission of the
e audit head has
sresponse has been that not many people areinterested in coming to work in a location where thecost of living is rather high, so there is no point inadvertising for staff! It is also worth noting that in thisparticular organization, the head of audit who issupposed to report directly to the organizational head,has in fact never had so much as a single meetingwith him, even though the internal audit function wasestablished several years ago! It is therefore not
contempt for the internal audit function.As stated by an audit head:
If an auditor were to get a full mandate [from theCEO] and the audit report were to be checkedand monitored by the CEO, this would lead to theaudit report being taken seriously. On the otherhand, if the CEO does not give a reasonable levelof mandate, the auditee is
sfinds it difficult to interpret his superiors attitudeto
nctioning of the organization as a whole, andhat there has as yet been no opportunity to show himhat the internal audit depart
occasia
ment actually
t was also not clear to the audit head whether hisuperior simply had no time for or no interest in theudit department. With no c
audhaveof the
ontact whatsoever withhe organizational head, the audit head is left toecide what the audit focus should be
because the orgafrom the
. Noturprisingly this is the familiar financial managementspects of the organization. It is only quite recentlyhat the fo
his positiObviouthe pro
mcome under the purview of an internal auditor.Perhaps nothing better illustrates the insignificantvalue the organizational head places on internal auditthan the fact that the auditors are sited in a decades-old wooden structure next to the main building!
In spite of this poor troorganization. This is because the auditors are stillabl
llocate resources, determine audit frequency andther related matters. Finally, they are free to produceudit reports even when their contents may not be to
attested toPolitical inteheads of gover
he liking of certain parties in the organization. What
s also satisfying is that the departmental heads withinhe organization have rarely failed to implement theuggestions made by the audit head. This is probably
operating pr
operators ou(who maythoses
because the audit head was previously attached tothe National Audit Department, and was the externalauditor for the organization.
Is is notable that for reporting purposes, he/she sendsthe reports to both the states treasury unit and to thebranch office of the National Audit Department, whichis located nearby. No such reports are howeverissued toThis experience is probably typical of audit units in
general, where, on paper, the internal audit function issupposed to file reports to the organizations head,
orga nal heathat the ill be r to dit re
T mentione
ead r d th p manageme for
noth nterviewal heaenev
was iney were
ith thditor t
organiz es. One
onalartmentious
ationence inis h roded th
reauditors to file reports on staff misconduct eventhough they have been aware of such misconduct allalong. Worse, there are cases where heads oforganizations have cultivated outside associations, orh
staerva
ell-knowand politss th
r thts ci
numrence h
ous exere refers to situ